It takes many different forms: spear phishing, baiting, whaling, smishing, vishing. No matter what you call it, phishing attacks are a real and growing cybersecurity threat to today’s small and medium-sized businesses. In fact, Verizon reports that phishing attacks account for more than 80% of reported security incidents.
The question you’re probably asking right now is: what can be done? Read on, because below we highlight what you need to know about phishing attacks and the steps you can take to protect your business.
What is phishing?
Let’s start with the basics. What is a phishing attack and how can you recognise when it’s happening? Phishing is a type of email scam that’s based on social engineering. Attackers try to trick unsuspecting victims into revealing financial information, system credentials, or other sensitive information.
Phishing attacks can be carried out via email, text messages, social media posts, voice communications and other media and often include links to counterfeit websites designed to trick victims into providing usernames, passwords, account numbers, or credit card details.
Cyber criminals use phishing attacks because they are easy, cheap and incredibly effective. Attackers can easily obtain email addresses, and emails are virtually free to send. With few resources and a little effort, cyber criminals can gain access to a treasure trove of valuable information.
How can you spot a phishing scam?
Phishing emails can often look just like official corporate communications, making them hard to spot. However, there are some telltale signs that you’re being targeted in an attack. Here’s what to look out for:
- Generic salutations: Most legitimate companies address the recipient by name, so be wary of phrases such as “Dear account holder” or “Dear valued customer.”
- Requests for sensitive information: No reputable business today would send an email asking you to reply with login credentials, financial information or other sensitive information.
- False sense of urgency: Many phishing emails will tell you that your account will be in jeopardy if you don’t provide critical information right away. Never click on a link in an email like this; instead, visit the site directly by typing its address.
- Suspicious looking domain names: Many phishing attacks come from domains that look familiar, but are in fact subtly different from the legitimate business. A common approach is to substitute numbers for letters.
- Unsolicited attachments: Emails with unsolicited attachments are often the work of cyber criminals. Most legitimate businesses send links to downloads rather than including files as attachments.
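The five telltale signs above can be checked mechanically as a first-pass triage before a human looks at a reported email. The script below is an added example, not code from the original article or from Optec or Fortinet; the trusted-domain list, the regular expressions and the sample message are constructed assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed assumptions (not from the article): domains the
# organisation legitimately receives mail from.
TRUSTED_DOMAINS = {"example.com", "paypal.com"}
# Digit-for-letter swaps the article warns about, e.g. "paypa1.com".
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
GENERIC_SALUTATIONS = ("dear account holder", "dear valued customer", "dear customer", "dear user")
CREDENTIAL_REQUEST = re.compile(
    r"\b(reply|respond)\b.{0,60}\b(password|login|credentials|account number|card)\b", re.I | re.S)
URGENCY = re.compile(r"\b(immediately|within 24 hours|right away|suspended|in jeopardy|urgent)\b", re.I)

def sender_domain(msg):
    """Extract the domain part of the From: header (lower-cased, or '' if absent)."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""

def lookalike_domain(domain):
    """True when the domain is untrusted but becomes a trusted one after undoing digit swaps."""
    return domain not in TRUSTED_DOMAINS and domain.translate(DIGIT_SWAPS) in TRUSTED_DOMAINS

def phishing_indicators(raw):
    """Return the list of telltale signs found in a raw RFC 822 email string."""
    msg = message_from_string(raw)
    body, attachments = "", []
    for part in msg.walk():
        if part.get_filename():                      # any named part counts as an attachment
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    found = []
    if any(body.lower().lstrip().startswith(s) for s in GENERIC_SALUTATIONS):
        found.append("generic_salutation")
    if CREDENTIAL_REQUEST.search(body):
        found.append("requests_credentials")
    if URGENCY.search(body):
        found.append("urgency")
    if lookalike_domain(sender_domain(msg)):
        found.append("lookalike_domain")
    if attachments:
        found.append("unsolicited_attachment")
    return found

# Constructed sample message exhibiting four of the five signs.
SAMPLE = """From: PayPal Support <service@paypa1.com>
To: finance@example.com
Subject: Action required
Content-Type: text/plain

Dear valued customer,

Your account will be suspended within 24 hours. Please reply with your
password and account number to keep it active.
"""
```

Each hit is a hint, not a verdict: a genuine invoice can carry an attachment and a genuine notice can be urgent, so treat the list as input to a human review rather than an automatic block.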
How can you prevent phishing attacks?
Phishing scams are dangerous and difficult to thwart because of their sophisticated, targeted and manipulative nature. However, there are several precautions you can take to protect your workforce and your business from these potentially devastating attacks.
Train your staff
One of the most effective ways to prevent phishing attacks is to properly train your staff. Keep your staff informed of the latest phishing scams. We know that cyber criminals research the best ways to take advantage of human vulnerabilities, so arm your last line of defence with the knowledge they need to prevent bad actors from accessing your business.
A few bits of advice: keep your training short, frequent, and focussed. Offer up best practices and concrete examples of real-life phishing scams, so employees can make the connection between phishing and the impact it can have on organisations.
Secure your email system
Make it simple to block phishing emails and protect employees from attacks with a secure email gateway. Secure email gateways enable you to block and quarantine suspicious emails and spoofing attempts. While there are plenty of options on the market, we prefer Fortinet’s industry-leading FortiMail, which uses powerful anti-spam and anti-malware capabilities to stop unwanted bulk emails, phishing attempts and other business email compromise techniques.
Set up web address filtering
You can protect your organisation by blocking access to malicious, hacked or inappropriate websites using web filtering. Web filtering solutions either permit access to known safe sites (whitelisting) or prohibit access to sites used in phishing attacks (blacklisting). As a Fortinet Gold Partner, we can help you proactively protect your organisation using FortiGate web filtering.
At Optec, we can help you find the perfect solution for securing your email and keeping your workforce and business safe. If you’re concerned about the growing threat of phishing, sign up for our free Cybersecurity Threat Assessment Programme to find out which application vulnerabilities can be exploited to attack your network and which phishing attacks are making it through your defences.